The Internet is a global public network of interconnected computer networks that utilize a common standard set of communication and configuration protocols. The Internet includes numerous private, public, business, academic, and government networks. Within each of the different networks are devices such as servers, workstations, printers, portable computing devices, host computers, and monitoring devices, to name a few examples. These devices are able to connect to devices within their own network or to other devices within different networks through communication devices such as hubs, switches, and routers.
Sometimes an attacker will attempt to disrupt network communications or operation. A common type of attack is a volume-based denial-of-service (DoS) attack. Typically, the attacker targets a single network, device, group of devices, or link within a network and attacks by generating network traffic. The increased traffic consumes the victim (or target) network's available bandwidth, the computer resources of the victim device, or the resources of the communications devices used to transmit the traffic. The attack impacts the victim's ability to communicate with other legitimate devices or networks because the resources of the victim device or network are consumed in an attempt to handle or respond to the attack traffic.
One approach to mitigating volume-based DoS attacks involves a subscriber, typically an enterprise network, signaling an upstream service provider to help mitigate the attack after it has been detected at the subscriber's network. In the past, subscribers used out-of-band communications to communicate with the service provider during the attack. Out-of-band communications are communications sent via communication channels or mediums other than the channel under attack. For example, an information technology (IT) administrator who is tasked with maintaining the victim device or network might use a telephone line or mobile phone network to communicate with administrators working for the upstream service provider.
Another approach is to detect and attempt to mitigate volume-based DoS attacks on the service provider side. The advantage of this approach is that the service provider often has the bandwidth to handle the attack traffic and may also have dedicated devices or systems for scrubbing the attack traffic from the legitimate traffic.
Still another approach is for the subscriber to attempt to detect and mitigate the attack at the network edge. This solution, however, is unable to mitigate large attacks because the link to the network is only able to handle a certain amount of traffic. Once this threshold is reached, legitimate traffic will start to be blocked from the subscriber. Moreover, every subscriber that wishes to have mitigation solutions must install and maintain its own hardware and software solutions onsite. Additionally, it is only after an attack has reached the targeted network that the subscriber devices are able to detect and mitigate the attack.